21 Jan 2019

What Should You Do with Passwords After a Major Leak

Of course, the most important news last week was the publication of “Collection #1” — a database consisting of 2.7 billion pairs of "email: password", and 773 million unique records. The leak was already covered in detail in the previous post. Now let's talk about what you should do to protect yourself.

Passwords have long been recognized as an unreliable means of protecting accounts on the network. With a high probability, all your ten-year-old passwords are already available to attackers due to the mass of large and small leaks from Linkedin, Twitter, Tumblr, MySpace and Yahoo. Spoiler: There is no simple solution to the problem, but there is a set of actions that will help reduce the risk of hacking important accounts.

If you are subscribed to Troy Hunt's…

Read More
18 Jan 2019

2.7B Leaked Passwords in 87GB Dump

For several years now, Troy Hunt, a renowned security professional, has been supporting the site Have I Been Pwned (HIBP) with millions of records of stolen accounts. Anyone can check their email for leakage. Troy Hunt monitors hacker forums, buys databases that are put up for sale, sometimes these databases are sent to him for free. But never before have such a huge base been put up for sale as the current Collection #1.

The giant archive contains 2,692,818,238 entries with email addresses and passwords.

Hunt acquired the dump and carried out the analysis, although its huge size caused certain technical difficulties due to exceeding the 32-bit value.

Troy says he downloaded the archive from the Mega file sharing. Several informants promptly sent him a…

Read More
12 Jul 2018

Best Practices for Storing Passwords in Database

Let's see what the best way is to store passwords in the database and how well-known platforms solve this problem.

Plaintext

When there was a passwords' storing problem, the first idea was to write them openly in the corresponding table in the database. It would be a good idea if clients could not access the table with passwords directly. But, unfortunately, the well-known SQL injection still sometimes works in various web applications, not to mention other potential vulnerabilities. In security matters, it is customary to assume the worst and prepare a plan of action and defense precisely for such a case. It should be assumed that the attacker has already found a hole in the web application and, in one way or other, downloads a table with the logins and passwords of users…

Read More
02 Jul 2018

WPA3: Weak Passwords Became More Secure

On June 25, 2018, WiFi Alliance officially introduced the certification program for Wi-Fi CERTIFIED WPA3. This is the first security update for Wi-Fi for the last 14 years.

According to the alliance, WPA3 (Wi-Fi Protected Access 3) “adds new features to simplify Wi-Fi security, providing more reliable authentication, increasing cryptographic strength for highly sensitive data markets and ensuring the fault tolerance of critical networks”. WPA3 key features:

  • The latest cryptographic protocol are used;
  • Obsolete protocols are prohibited;
  • Function of protecting control frames from PMF compromise (Protected Management Frames) is mandatory.

Since Wi-Fi networks have different needs for use and security, WPA3, like WPA2, offers…

Read More
06 Jun 2018

Why Does the Error of Unsupported File Format Occur?

While uploading a file to our site, in some cases, you may see the error message: “Unsupported file format or file is not password protected.” People often ask us why such an error may appear even for a valid password protected document? So, we decided to explain the issue fully and write an article to save both your and our time.

Suppose you have a password-protected document, and we officially support its format. It may be an MS Word or PDF file, for example. So, you upload it to our site but see the error message we are talking about. Why does it happen?

Let's exclude the possible software crash problem, and the file is OK. The possible error message reason could be because even seemingly identical files may have different internal structures. For example, a *.xlsx…

Read More
01 Jun 2018

What is Brute Force?

Some guys wonder what brute force is and whether it is possible to recover the password if the password database search run has failed and the original password structure is unknown. So, we answer the question.

So, what is brute force?

Strictly speaking, brute force is a serial search through all possible passwords of the specified length using certain symbols. In most cases, passwords consist of Latin alphanumeric characters: that is a set of characters from 0-9, a-z, A-Z. Sometimes people add to it special characters that can be typed on the keyboard: ~!@"#$% , and others. Usually, it is a set of 90-100 characters.

During brute force attack, we first sort through all single-character passwords and then compare the received hash with the reference one to determine…

Read More
12 Mar 2018

PKZIP Format is Added

Dear users, today we have great news for you. We finally befriended PKZIP format, and are pleased to bring to your attention the password recovery option of Zip archives with PKZIP compression.

For those who are not aware: PKZIP is one of the compression algorithms used in *.zip files. But it is not just one of the algorithms, but the de facto standard for Zip archives. Here is just the list of some main libraries and programs using PKZIP for data compression:

  • zlib and gzip libraries;
  • WinRar;
  • 7z;
  • Built-in support for Zip in Windows OS;
  • Old versions of WinZip.

Our internal statistics show that PKZIP compression is used in more than 80% of all Zip archives. Why did we not add it earlier? It is not a…

Read More
06 Feb 2018

The “admin:password” Problem: Standard Passwords Helped to Create a Botnet From Almost 400,000 IoT Devices

The source code for a large IoT Mirai botnet components was published in early October 2016. It was known that there were mainly IoT devices in the botnet, including CCTV and DVR, almost 400,000 devices — extremely powerful botnet for DDoS attacks.

Screenshot of the forum Hackforums, where was published a message with links to the source code of the botnet

We saw at least two major attacks through Mirai botnet: Brian Krebs’ website was subjected to DDoS attack at speed of about 620 Gb/s; the French OVH hosting provider underwent an even more powerful DDoS attack of 1 Tb/s.

Botnet’s logic of spreading and devices’ infection indicates that digital cameras or IoT were not initially the target of its creators. They focused on finding connected to the Internet devices…

Read More

Copyright © 2017-2019 LostMyPass.com

Top